Compare commits
No commits in common. "main" and "0.1b" have entirely different histories.
|
@ -1,6 +0,0 @@
|
||||||
.venv/
|
|
||||||
*.code-workspace
|
|
||||||
*password*
|
|
||||||
host_vars/*/
|
|
||||||
docs/*.html
|
|
||||||
docs/*.pdf
|
|
|
@ -1,10 +0,0 @@
|
||||||
{
|
|
||||||
"recommendations": [
|
|
||||||
"redhat.ansible",
|
|
||||||
"asciidoctor.asciidoctor-vscode",
|
|
||||||
"streetsidesoftware.code-spell-checker",
|
|
||||||
"mhutchie.git-graph",
|
|
||||||
"esbenp.prettier-vscode",
|
|
||||||
"redhat.vscode-yaml"
|
|
||||||
]
|
|
||||||
}
|
|
|
@ -30,11 +30,11 @@ Requirements
|
||||||
```bash
|
```bash
|
||||||
# run one of the following (depending on your package manager)
|
# run one of the following (depending on your package manager)
|
||||||
sudo dnf install ruby-devel
|
sudo dnf install ruby-devel
|
||||||
sudo apt install ruby-dev
|
sudo apt install ruby-devel
|
||||||
```
|
```
|
||||||
- The `asciidoctor-pdf` (asciidoctor + pdf conversion), `rouge` (syntax highlighting) and `rghost` (pdf optimization) gem
|
- The `asciidoctor-pdf` (asciidoctor + pdf conversion), `rouge` (syntax highlighting) and `rghost` (pdf optimization) gem
|
||||||
```bash
|
```bash
|
||||||
gem install asciidoctor-pdf rouge rghost # you might have to run with 'sudo'
|
gem install asciidoctor-pdf rouge rghost
|
||||||
```
|
```
|
||||||
|
|
||||||
Then compile the guide:
|
Then compile the guide:
|
||||||
|
@ -42,7 +42,7 @@ Then compile the guide:
|
||||||
```bash
|
```bash
|
||||||
# for pdf
|
# for pdf
|
||||||
asciidoctor-pdf -a optimize ./docs/User_guide.adoc
|
asciidoctor-pdf -a optimize ./docs/User_guide.adoc
|
||||||
# for html WARNING: external resources are loaded when opening (fonts.googleapis.com, fonts.gstatic.com, cdnjs.cloudflare etc.)
|
# for html WARNING: external resources are loaded when opening (google fonts etc.)
|
||||||
asciidoctor ./docs/User_guide.adoc
|
asciidoctor ./docs/User_guide.adoc
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -38,7 +38,6 @@ cd GisServer
|
||||||
+
|
+
|
||||||
[,bash]
|
[,bash]
|
||||||
----
|
----
|
||||||
sudo apt install python3-venv # required on debian/ubuntu
|
|
||||||
python3 -m venv ./.venv --system-site-packages
|
python3 -m venv ./.venv --system-site-packages
|
||||||
source ./.venv/bin/activate
|
source ./.venv/bin/activate
|
||||||
pip3 install -r requirements.txt
|
pip3 install -r requirements.txt
|
||||||
|
@ -56,10 +55,10 @@ ansible-galaxy install -r requirements.yaml
|
||||||
+
|
+
|
||||||
[,bash]
|
[,bash]
|
||||||
----
|
----
|
||||||
ssh-keygen -a 100 -t ed25519 -C "a comment" -f ~/.ssh/id_$NEW_ANSIBLE_USER@$NEW_ANSIBLE_HOST
|
ssh-keygen -a 100 -t ed25519 -C "a comment" -f ~/.ssh/id_$NEW_ANSIBLE_USER@NEW_ANSIBLE_HOST
|
||||||
ssh-keygen -a 100 -t ed25519 -C "another comment" -f ~/.ssh/id_publisher@$NEW_ANSIBLE_HOST
|
ssh-keygen -a 100 -t ed25519 -C "another comment" -f ~/.ssh/id_publisher@$NEW_ANSIBLE_HOST
|
||||||
ssh-copy-id -i ~/.ssh/id_$NEW_ANSIBLE_USER@$NEW_ANSIBLE_HOST $NEW_ANSIBLE_USER@$NEW_ANSIBLE_HOST
|
ssh-copy-id -i ~/.ssh/id_$NEW_ANSIBLE_USER@NEW_ANSIBLE_HOST $NEW_ANSIBLE_USER@$NEW_ANSIBLE_HOST
|
||||||
ssh-add ~/.ssh/id_$NEW_ANSIBLE_USER@$NEW_ANSIBLE_HOST # optional, to remember key-phrase
|
ssh-add ~/.ssh/id_$NEW_ANSIBLE_USER@NEW_ANSIBLE_HOST # optional, to remember key-phrase
|
||||||
----
|
----
|
||||||
|
|
||||||
. Add the host to the inventory `nano inventory.yaml` (keep other entries)
|
. Add the host to the inventory `nano inventory.yaml` (keep other entries)
|
||||||
|
@ -74,27 +73,27 @@ testing: # or production or any other sensible group name
|
||||||
ansible_ssh_private_key_file: # ~/.ssh/id_$NEW_ANSIBLE_USER@$NEW_ANSIBLE_HOST
|
ansible_ssh_private_key_file: # ~/.ssh/id_$NEW_ANSIBLE_USER@$NEW_ANSIBLE_HOST
|
||||||
----
|
----
|
||||||
|
|
||||||
. Create a directory for the host `mkdir host_vars/$NEW_ANSIBLE_INV_NAME`
|
. Create a directory for the host `mkdir host_vars/$NEW_ANSIBLE_HOST`
|
||||||
|
|
||||||
. Copy the basic config file
|
. Copy the basic config file
|
||||||
+
|
+
|
||||||
[,bash]
|
[,bash]
|
||||||
----
|
----
|
||||||
cp host_vars/variables.yaml.template host_vars/$NEW_ANSIBLE_INV_NAME/variables.yaml
|
cp host_vars/variables.yaml.template host_vars/$NEW_ANSIBLE_HOST/variables.yaml
|
||||||
----
|
----
|
||||||
|
|
||||||
. Create the vault to store passwords needed by ansible
|
. Create the vault to store passwords needed by ansible
|
||||||
+
|
+
|
||||||
[,bash]
|
[,bash]
|
||||||
----
|
----
|
||||||
ansible-vault encrypt host_vars/secrets.yaml.template --output host_vars/$NEW_ANSIBLE_INV_NAME/secrets.yaml
|
ansible-vault encrypt host_vars/secrets.yaml.template --output host_vars/$NEW_ANSIBLE_HOST/secrets.yaml`
|
||||||
----
|
----
|
||||||
|
|
||||||
. Edit the vault
|
. Edit the vault
|
||||||
+
|
+
|
||||||
[,bash]
|
[,bash]
|
||||||
----
|
----
|
||||||
ansible-vault edit host_vars/$NEW_ANSIBLE_INV_NAME/secrets.yaml
|
ansible-vault edit host_vars/$NEW_ANSIBLE_HOST/secrets.yaml
|
||||||
# Generate a new password for every entry (preferably A-z0-9 to avoid escape mishaps)
|
# Generate a new password for every entry (preferably A-z0-9 to avoid escape mishaps)
|
||||||
----
|
----
|
||||||
|
|
||||||
|
@ -116,7 +115,7 @@ Host # e.g. $NEW_ANSIBLE_HOST
|
||||||
|
|
||||||
=== Run ansible (finally)
|
=== Run ansible (finally)
|
||||||
|
|
||||||
If you don't want to make any changes in `host_vars/$NEW_ANSIBLE_INV_NAME/variables.yaml` you can now run the playbook with the following command:
|
If you don't want to make any changes in `host_vars/$NEW_ANSIBLE_HOST/variables.yaml` you can now run the playbook with the following command:
|
||||||
[,bash]
|
[,bash]
|
||||||
----
|
----
|
||||||
ansible-playbook playbooks/main.yaml --ask-vault-pass
|
ansible-playbook playbooks/main.yaml --ask-vault-pass
|
||||||
|
|
|
@ -27,6 +27,7 @@ qgis_repo:
|
||||||
postgresql_server:
|
postgresql_server:
|
||||||
port: 5432
|
port: 5432
|
||||||
user: # TODO: add option to change?
|
user: # TODO: add option to change?
|
||||||
|
password: # TODO: link to vault?
|
||||||
|
|
||||||
qgis_server:
|
qgis_server:
|
||||||
full_version: "1:{{ _qgis_server_version }}+17bookworm"
|
full_version: "1:{{ _qgis_server_version }}+17bookworm"
|
||||||
|
@ -42,6 +43,7 @@ lizmap:
|
||||||
port: "{{ postgresql_server['port'] }}"
|
port: "{{ postgresql_server['port'] }}"
|
||||||
database: "lizmap"
|
database: "lizmap"
|
||||||
user: "lizmap"
|
user: "lizmap"
|
||||||
|
password: # TODO: link to vault?
|
||||||
version: "{{ _lizmap_version }}"
|
version: "{{ _lizmap_version }}"
|
||||||
path: "/var/www/"
|
path: "/var/www/"
|
||||||
root_repositories: "{{ sftp_root }}/qgis-projects" # no trailing /
|
root_repositories: "{{ sftp_root }}/qgis-projects" # no trailing /
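Review bot: The two added `password: # TODO: link to vault?` keys (under `postgresql_server` in the first hunk and under `lizmap` in the second) sit in a plain-text variables file and parse as null, so the easiest way to make them work is to type a password straight into this file. The user guide on this page already stores secrets in an ansible-vault encrypted `secrets.yaml`, so the key should reference a vaulted variable instead, e.g. `password: "{{ <vaulted_variable_name> }}"` (placeholder name), or be left out until that link exists. Both mappings start outside the hunks, so whether anything consumes these keys yet cannot be seen from here.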
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
---
|
---
|
||||||
# you have to generate the SSH-keys yourself
|
# you have to generate the SSH-keys yourself
|
||||||
publisher_ssh_keys: ["~/.ssh/id_publisher@{{ ansible_host }}.pub"] # or {{ inventory_hostname }}
|
publisher_ssh_keys: ["~/.ssh/id_publisher@{{ ansible_hostname }}.pub"]
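Review bot: `{{ ansible_hostname }}` in `publisher_ssh_keys` is a fact gathered from the managed host, so the local public-key path now depends on what the target reports as its short hostname rather than on a value set in the inventory. The user guide on this page creates the key as `~/.ssh/id_publisher@$NEW_ANSIBLE_HOST`, which only matches if the host's own hostname happens to equal that value, and the variable is undefined when fact gathering has not run. An inventory-side variable such as `{{ inventory_hostname }}` or `{{ ansible_host }}` keeps the path under the operator's control. A short comment stating which name the key file must carry would also help.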
|
||||||
|
|
|
@ -35,15 +35,6 @@
|
||||||
daemon_reload: true
|
daemon_reload: true
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Ensure custom motd is latest
|
|
||||||
become: true
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: ./templates/motd.sh.j2
|
|
||||||
dest: /etc/profile.d/motd.sh
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: u=rw,g=r,o=r
|
|
||||||
|
|
||||||
- name: Ensure valid apt cache and required tools are present
|
- name: Ensure valid apt cache and required tools are present
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
|
@ -218,18 +209,20 @@
|
||||||
- name: Check if lizmap-web-client is present
|
- name: Check if lizmap-web-client is present
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: "{{ lizmap['path'] }}lizmap-web-client-{{ _lizmap_version }}/VERSION"
|
path: "/var/www/lizmap-web-client-{{ _lizmap_version }}/VERSION"
|
||||||
register: _lizmap_version_stat
|
register: _lizmap_version_stat
|
||||||
|
|
||||||
- name: Check if lizmap-web-client has version information
|
- name: Check if lizmap-web-client is target version
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.slurp:
|
ansible.builtin.slurp:
|
||||||
src: "{{ lizmap['path'] }}lizmap-web-client-{{ _lizmap_version }}/VERSION"
|
src: "/var/www/lizmap-web-client-{{ _lizmap_version }}/VERSION"
|
||||||
when: _lizmap_version_stat.stat.exists
|
|
||||||
register: _lizmap_version_file
|
register: _lizmap_version_file
|
||||||
|
when: _lizmap_version_stat.stat.exists
|
||||||
|
|
||||||
- name: Check if lizmap-web-client must be installed
|
- name: Ensure lizmap-web-client is target version
|
||||||
when: "not _lizmap_version_stat.stat.exists"
|
when:
|
||||||
|
"(not _lizmap_version_stat.stat.exists) or (_lizmap_version_file is defined and
|
||||||
|
_lizmap_version_file['content'] | b64decode != lizmap['version'] + '\n')"
|
||||||
block:
|
block:
|
||||||
- name: Ensure lizmap-web-client is downloaded
|
- name: Ensure lizmap-web-client is downloaded
|
||||||
become: true
|
become: true
|
||||||
|
@ -247,16 +240,26 @@
|
||||||
src: "/tmp/lizmap-web-client-{{ lizmap['version'] }}.zip"
|
src: "/tmp/lizmap-web-client-{{ lizmap['version'] }}.zip"
|
||||||
dest: "{{ lizmap['path'] }}"
|
dest: "{{ lizmap['path'] }}"
|
||||||
owner: www-data
|
owner: www-data
|
||||||
mode: u=rwX,g=rX,o=r
|
mode: u=rw,g=r,o=r
|
||||||
register: _lizmap_extracted
|
register: _lizmap_extracted
|
||||||
|
|
||||||
- name: Ensure lizmap-web-client is symlinked to documentRoot
|
- name: Ensure lizmap-web-client is symlinked to documentRoot
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
src: "{{ lizmap['path'] }}lizmap-web-client-{{ _lizmap_version }}/lizmap/www"
|
src: "/var/www/lizmap-web-client-{{ _lizmap_version }}/lizmap/www"
|
||||||
dest: "/var/www/html/lizmap"
|
dest: "/var/www/html/lizmap"
|
||||||
state: link
|
state: link
|
||||||
|
|
||||||
|
- name: Ensure lizmap-web-client default users file is latest
|
||||||
|
become: true
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "./templates/lizmap/defaultusers.json.j2"
|
||||||
|
dest: "{{ lizmap['path'] }}lizmap-web-client-{{ lizmap['version'] }}/lizmap/modules/lizmap/install/defaultusers.json"
|
||||||
|
backup: true
|
||||||
|
owner: www-data
|
||||||
|
group: www-data
|
||||||
|
mode: u=rw,g=r,o=
|
||||||
|
|
||||||
- name: Ensure lizmap-web-client conf is latest
|
- name: Ensure lizmap-web-client conf is latest
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.blockinfile:
|
ansible.builtin.blockinfile:
|
||||||
|
@ -268,11 +271,14 @@
|
||||||
mode: u=rw,g=r,o=
|
mode: u=rw,g=r,o=
|
||||||
create: true
|
create: true
|
||||||
marker: "; {mark} ANSIBLE MANAGED BLOCK"
|
marker: "; {mark} ANSIBLE MANAGED BLOCK"
|
||||||
|
|
||||||
loop:
|
loop:
|
||||||
- profiles.ini.php
|
- profiles.ini.php
|
||||||
- lizmapConfig.ini.php
|
- lizmapConfig.ini.php
|
||||||
- localconfig.ini.php
|
- localconfig.ini.php
|
||||||
|
|
||||||
|
register: _lizmap_conf
|
||||||
|
|
||||||
- name: Ensure lizmap-web-client directory has correct rights and owner
|
- name: Ensure lizmap-web-client directory has correct rights and owner
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
|
@ -295,35 +301,20 @@
|
||||||
- lizmap/www/cache/
|
- lizmap/www/cache/
|
||||||
- lizmap/www/document/
|
- lizmap/www/document/
|
||||||
- lizmap/www/live/
|
- lizmap/www/live/
|
||||||
|
register: _lizmap_rights
|
||||||
|
|
||||||
- name: Ensure lizmap-web-client installer was executed # noqa: no-handler
|
- name: Ensure lizmap-web-client installer was executed
|
||||||
|
become: true
|
||||||
|
become_user: www-data # TODO: ignore warning for remote_tmp
|
||||||
|
ansible.builtin.command:
|
||||||
|
chdir: "{{ lizmap['path'] }}lizmap-web-client-{{ lizmap['version'] }}"
|
||||||
|
cmd: "php lizmap/install/installer.php"
|
||||||
when:
|
when:
|
||||||
"_lizmap_extracted is changed"
|
"(_lizmap_extracted is changed)
|
||||||
|
or (_lizmap_conf is changed)
|
||||||
|
or (_lizmap_rights is changed)"
|
||||||
# TODO: find actual changes
|
# TODO: find actual changes
|
||||||
block:
|
changed_when: true # TODO: find actual changes
|
||||||
- name: Ensure lizmap-web-client default users file is latest
|
|
||||||
become: true
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: "./templates/lizmap/defaultusers.json.j2"
|
|
||||||
dest: "{{ lizmap['path'] }}lizmap-web-client-{{ lizmap['version'] }}/lizmap/modules/lizmap/install/defaultusers.json"
|
|
||||||
backup: false
|
|
||||||
owner: www-data
|
|
||||||
group: www-data
|
|
||||||
mode: u=rw,g=r,o=
|
|
||||||
|
|
||||||
- name: Run lizmap-web-client installer
|
|
||||||
become: true
|
|
||||||
become_user: www-data # TODO: ignore warning for remote_tmp
|
|
||||||
ansible.builtin.command:
|
|
||||||
chdir: "{{ lizmap['path'] }}lizmap-web-client-{{ lizmap['version'] }}"
|
|
||||||
cmd: "php lizmap/install/installer.php"
|
|
||||||
changed_when: true # TODO: find actual changes
|
|
||||||
|
|
||||||
- name: Ensure lizmap-web-client default users file is removed
|
|
||||||
become: true
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ lizmap['path'] }}lizmap-web-client-{{ lizmap['version'] }}/lizmap/modules/lizmap/install/defaultusers.json"
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: Ensure nginx sites are valid
|
- name: Ensure nginx sites are valid
|
||||||
notify:
|
notify:
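Review bot: The added task `Ensure lizmap-web-client default users file is latest` renders `defaultusers.json` with `backup: true`, and the new side no longer has the task that deleted this file after the installer, so the rendered file stays on disk and each change leaves another timestamped backup beside it. Judging by the template shown on this page (`"_clear_password_to_be_encrypted": "{{ lizmap_admin_pass }}"`), the file holds the Lizmap admin password in clear text, owned by and readable to `www-data`. I would set `backup: false`, add `no_log: true` to the template task, and keep a final `ansible.builtin.file` task with `state: absent` on the same path, placed after the `php lizmap/install/installer.php` step. The task list continues outside the visible hunks, so a cleanup elsewhere in the file cannot be ruled out.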
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
[
|
[
|
||||||
{
|
{
|
||||||
"login": "admin",
|
"login": "admin",
|
||||||
"_clear_password_to_be_encrypted": "{{ lizmap_admin_pass }}",
|
"_clear_password_to_be_encrypted": "{{ lizmap_admin_pass }}",
|
||||||
"status": 1,
|
"status": 1,
|
||||||
"email": "admin@localhost.localdomain",
|
"email": "admin@localhost.localdomain",
|
||||||
"firstname": "",
|
"firstname": "",
|
||||||
"lastname": "",
|
"lastname": "",
|
||||||
"organization": "",
|
"organization": "",
|
||||||
"street": "",
|
"street": "",
|
||||||
"postcode": "",
|
"postcode": "",
|
||||||
"city": ""
|
"city": ""
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
RED='\033[0;31m'
|
|
||||||
YELLOW='\033[0;33m'
|
|
||||||
NC='\033[0m' # No Color
|
|
||||||
|
|
||||||
if [ "${USER}" == "{{ ansible_user }}" ]; then
|
|
||||||
echo -e "\nYou are logged in as user ${RED}${USER}${NC} used by ansible to manage this linux installation.
|
|
||||||
${YELLOW}Make sure to reflect all manual changes in the playbook found at
|
|
||||||
https://somepi.ddns.net/gites/gilex-dev/GisServer${NC}";
|
|
||||||
fi
|
|